Systems and methods for spoof detection relative to a template instead of on an absolute scale

ABSTRACT

Disclosed are a system and method for performing spoof detection. The method includes: receiving, by a processor from a biometric sensor, an input image of a biometric; extracting, by the processor, one or more anti-spoof metrics from the input image; receiving, by the processor, an anti-spoof template corresponding to the biometric; for a first anti-spoof metric, computing, by the processor, a differential value between a value of the first anti-spoof metric extracted from the input image and a value of the first anti-spoof metric in the anti-spoof template; and determining, by the processor, whether the input image is a replica of the biometric based on the differential value.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.62/420,513, filed on Nov. 10, 2016, which is hereby incorporated byreference in its entirety.

FIELD

This disclosure generally relates to biometric sensors and, moreparticularly, to systems and methods for spoof detection relative to atemplate instead of on an absolute scale.

BACKGROUND

Biometric authentication systems are used for authenticating and/orverifying users of devices incorporating the authentication systems.Biometric sensing technology provides a reliable, non-intrusive way toverify individual identity for recognition purposes.

Fingerprints, like various other biometric characteristics, are based ondistinctive personal characteristics and are, thus, a reliable mechanismfor recognizing an individual. There are many potential applications forusing fingerprint sensors. For example, fingerprint sensors may be usedto provide access control in stationary applications, such as securitycheckpoints. Electronic fingerprint sensors may also be used to provideaccess control in mobile devices, such as cell phones, wearable smartdevices (e.g., smart watches and activity trackers), tablet computers,personal data assistants (PDAs), navigation devices, and portable gamingdevices. Accordingly, some applications, in particular applicationsrelated to mobile devices, may require authentication systems that areboth small in size and highly reliable.

Biometric “spoofing” is any attempt to circumvent biometric securityusing a replica of a user's sensed biometric. In the context offingerprint authentication systems, some examples of spoofing materialsinclude a three-dimensional (3D) gelatin mold of a finger, a graphitemold of a finger, a wood glue mold of a finger, and printedtwo-dimensional (2D) image of a finger, among others. In the context offacial recognition, an example spoofing material could be a photo ofperson's face. In the context of voice recognition, an example spoofingmaterial could be a vocal imitation or playback.

In order to maintain the integrity of biometric authentication systems,there is a need for anti-spoofing systems and methods, also referred toas “liveness detection”, that can detect when an authentication attemptis a spoof and, upon spoof detection, properly deny authentication.

SUMMARY

One embodiment a device, comprising a biometric sensor and a processingsystem. The processing system is configured to: receive, from thebiometric sensor, an input image of a biometric; extract one or moreanti-spoof metrics from the input image; receive an anti-spoof templatecorresponding to the biometric; for a first anti-spoof metric, compute adifferential value between a value of the first anti-spoof metricextracted from the input image and a value of the first anti-spoofmetric in the anti-spoof template; and, determine whether the inputimage is a replica of the biometric based on the differential value.

Another embodiment provides a method for performing spoof detection. Themethod includes: receiving, by a processor from a biometric sensor, aninput image of a biometric; extracting, by the processor, one or moreanti-spoof metrics from the input image; receiving, by the processor, ananti-spoof template corresponding to the biometric; for a firstanti-spoof metric, computing, by the processor, a differential valuebetween a value of the first anti-spoof metric extracted from the inputimage and a value of the first anti-spoof metric in the anti-spooftemplate; and determining, by the processor, whether the input image isa replica of the biometric based on the differential value. Someembodiments further include a non-transitory computer-readable storagemedium storing instructions that, when executed by a processor, performthe method for spoof detection.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an example of an electronic device thatincludes a sensor device and a processing system, according to anembodiment.

FIG. 2 is a block diagram illustrating a system and method for spoofdetection according to an embodiment.

FIG. 3 is a block diagram of a spoof detection system, according to anembodiment.

FIG. 4 is a flow diagram illustrating method steps for performing spoofdetection based on relative metrics, according to an embodiment.

FIG. 5 is a flow diagram illustrating method steps for creating andupdating an anti-spoof template, according to an embodiment.

FIG. 6 is a flow diagram illustrating method steps for spoof detectionbased on one or more differential metrics, according to an embodiment.

DETAILED DESCRIPTION

The following detailed description is merely exemplary in nature and isnot intended to limit the disclosure or the application and uses of thedisclosure. Furthermore, there is no intention to be bound by anyexpressed or implied theory presented in the preceding technical field,background, summary, brief description of the drawings, or the followingdetailed description. Turning to the drawings, and as described ingreater detail herein, embodiments provide systems and methods for ametric for spoof detection.

Fingerprint images can have considerable variation from person toperson, from sensor to sensor, and even from different images for thesame person. This variation reflects the fact that a person's finger isa living thing and changes as the finger responds to external factors,such as sweating, stretching when touched, etc. When a finger is imagedwith a fingerprint sensor, these changes are captured to some extentand, hence, the sensed images include some variation, even withdifferent impressions of the same finger. Also, different sensors fromthe same sensing technology can add small differences.

The goal of a robust fingerprint matcher is to be agnostic to many ofthese changes for the same finger, which improves the usability of thesystem for a genuine user. However, if spoofs are constructed, e.g.,with latent prints from the user, the spoof images can be sufficientlysimilar to the real finger that they can be used to gain entry into thesystem. Fingerprint anti-spoof technology attempts to distinguish imagesfrom spoof fingers from those of live fingers by deriving propertiesfrom the images that can be used to differentiate them.

As described, anti-spoof technology helps to improve the security of abiometric authentication system by preventing a successfulauthentication using a spoofed fingerprint, for example a spooffingerprint created using the latent fingerprint of a genuine user ofthe device. Since the spoof fingerprint is a copy of the fingerprintthat is enrolled on the device, without anti-spoof technology, afingerprint matcher could match the spoofed fingerprint image to anenrolled image and grant access to the device.

Anti-spoof technology analyzes features in the spoof fingerprint imageand attempts to distinguish the spoof fingerprint image from an image ofa real finger. Embodiments of the disclosure provide a system and methodfor spoof detection based on computing one or more metrics that arerelative to prior images of the same biometric.

Once the one or more metrics are computed, the metrics are input to a“classifier,” which produces a score that can be compared against athreshold to determine if the finger is a live finger or a spoof. Insome implementations, many different metrics are input into theclassifier, and the classifier is configured to compute an overallliveness score based on the combination of metrics. In one example, theclassifier is a neural network, but any classifier is within the scopeof the disclosure. The classifier itself can be developed using machinelearning methods, where a training set and a test set are created totrain and validate the classifier performance.

Software-based anti-spoof technology detects spoofs by extractingfeatures in an input image and analyzing those features to distinguish aspoof image from an image of a real finger. In some embodiments,anti-spoof solutions are performed independent of the underlying matcher(i.e., the matcher that is used to determine whether the input imageprovides a match to an enrollment template (or “enrollment image”) forpurposes of authentication, verification, or identification, forexample), such that a match/non-match decision and a spoof/non-spoofdecision are made separately and independently of one another.

Some anti-spoof classification systems attempt to determine the degreeto which any given finger appears to be live, as opposed to a spoof.Typically, an anti-spoof classification system uses an absolute scaleand classifies the degree to which any given finger appears to be liveusing populations/distributions of all live and spoof examples in atraining database. In other words, these conventional approaches rely onabsolute metrics when making a liveness determination.

In other conventional systems, a liveness score is computed for eachenrollment image for a user based on extracting anti-spoof metrics fromeach enrollment image during the enrollment process and combining themetrics in some manner (e.g., via a liveness classifier). The livenessscores for the different enrollment images can be combined, for exampleby averaging, into an overall liveness score for the user. When averification attempt is made, such conventional systems extractanti-spoof metrics from an input image associated with the verificationattempt and then compute a liveness score for the input image based onthe combination of metrics. The liveness score associated with theverification attempt can be compared to the overall liveness score forthe user to determine if it is a spoof. For example, a determination canbe made as to whether the difference between the liveness scoreassociated with the verification attempt and the overall liveness scoreis within a threshold. However, this method is merely sets theclassifier threshold in a relative way. It does not modify theclassifier itself at all and none of the metrics input into theclassifier are differential metrics.

Embodiments make a liveness determination based on metrics (e.g.,statistics) that are relative to metrics found in other images of thatparticular user's finger. The relative differences in the metrics areinput into a classifier that makes the liveness decision. This approachis different from conventional approaches where the classifier operateswithout using any relative (or “differential”) metrics.

The disclosed embodiments have major advantages because they take intoaccount deviations from a known live finger. As a simplified example,assume a live finger has a low variance of gray levels along its fingerridges. Classifying on an absolute scale, this likely means the livenessis low, and that on a verification attempt a live finger might beclassified erroneously as a spoof, adding to the FRR (false reject rate)of the system. Further assume a spoof finger is seen that has an evenlower variance. Using the absolute method, such an attempt is alsocalled a spoof, but this time correctly so. Using a relative method, asdisclosed herein, any live finger with similar variance to the fingerused during enrollment would be correctly determined to be a livefinger. But a spoof with even less variance can still be detected as aspoof because it deviated far enough away from the normal baseline.

Turning to the figures, FIG. 1 is a block diagram of an example of anelectronic device 100 that includes a sensor device 102 and a processingsystem 104, according to an embodiment. By way of example, basicfunctional components of the electronic device 100 utilized duringcapturing, storing, and validating a biometric match attempt areillustrated. The processing system 104 includes a processor(s) 106, amemory 108, a template storage 110, an operating system (OS) 112, and apower source(s) 114. Each of the processor(s) 106, the memory 108, thetemplate storage 110, and the operating system 112 are interconnectedphysically, communicatively, and/or operatively for inter-componentcommunications. The power source 114 is interconnected to the varioussystem components to provide electrical power as necessary.

As illustrated, processor(s) 106 are configured to implementfunctionality and/or process instructions for execution withinelectronic device 100 and the processing system 104. For example,processor 106 executes instructions stored in memory 108 or instructionsstored on template storage 110 to identify a biometric object ordetermine whether a biometric authentication attempt is successful orunsuccessful. Memory 108, which may be a non-transitory,computer-readable storage medium, is configured to store informationwithin electronic device 100 during operation. In some embodiments,memory 108 includes a temporary memory, an area for information not tobe maintained when the electronic device 100 is turned off. Examples ofsuch temporary memory include volatile memories such as random accessmemories (RAM), dynamic random access memories (DRAM), and static randomaccess memories (SRAM). Memory 108 also maintains program instructionsfor execution by the processor 106.

Template storage 110 comprises one or more non-transitorycomputer-readable storage media. In the context of a fingerprint sensor,the template storage 110 is generally configured to store enrollmentviews for fingerprint images for a user's fingerprint or otherenrollment information. The enrollment views can include multiple imagesof the same finger. Further, the enrollment views can include view ofmultiple different fingers of the user. More generally, the templatestorage 110 may be used to store information about an object. Thetemplate storage 110 may further be configured for long-term storage ofinformation. In some examples, the template storage 110 includesnon-volatile storage elements. Non-limiting examples of non-volatilestorage elements include magnetic hard discs, solid-state drives (SSD),optical discs, floppy discs, flash memories, or forms of electricallyprogrammable memories (EPROM) or electrically erasable and programmable(EEPROM) memories, among others.

The processing system 104 also hosts an operating system (OS) 112. Theoperating system 112 controls operations of the components of theprocessing system 104. For example, the operating system 112 facilitatesthe interaction of the processor(s) 106, memory 108 and template storage110. The processing system 104, although shown as including a processor106 and memory 108, may further include a microprocessor,microcontroller and/or dedicated circuitry.

According to various embodiments, the processor(s) 106 implementhardware and/or software to obtain data describing an image of an inputobject. The processor(s) 106 may also align two images and compare thealigned images to one another to determine whether there is a match. Theprocessor(s) 106 may also operate to reconstruct a larger image from aseries of smaller partial images or sub-images, such as fingerprintimages when multiple partial fingerprint images are collected during abiometric process, such as an enrollment or matching process forverification or identification.

The processing system 104 includes one or more power sources 114 toprovide power to the electronic device 100. Non-limiting examples ofpower source 114 include single-use power sources, rechargeable powersources, and/or power sources developed from nickel-cadmium,lithium-ion, or other suitable material as well power cords and/oradapters which are in turn connected to electrical power.

Sensor device 102 can be implemented as a physical part of theelectronic device 100, or can be physically separate from the electronicdevice 100. As appropriate, the sensor device 102 may communicate withparts of the electronic device 100 using any one or more of thefollowing: buses, networks, and other wired or wirelessinterconnections. In some embodiments, sensor device 102 is implementedas a fingerprint sensor to capture a fingerprint image of a user. Inaccordance with the disclosure, the sensor device 102 uses opticalsensing for the purpose of object imaging including imaging biometricssuch as fingerprints. The sensor device 102 can be incorporated as partof a display, for example, or may be a discrete sensor. In someembodiments, the sensor device 102 may perform optical imaging. Invarious other embodiments, the sensor device 102 can be replaced with acapacitive sensor device, ultrasonic sensor device, or another sensordevice that uses some other sensing technology for object imaging, asdescribed in greater detail herein.

The electronic device 100 may utilize any suitable combination of sensorcomponents and sensing technologies to detect user input in the sensingregion. Some implementations utilize arrays or other regular orirregular patterns of multiple sensing elements to detect the input.Example sensing techniques that the electronic device 100 may useinclude capacitive sensing techniques, optical sensing techniques,acoustic (e.g., ultrasonic) sensing techniques, pressure-based (e.g.,piezoelectric) sensing techniques, resistive sensing techniques, thermalsensing techniques, inductive sensing techniques, elastive sensingtechniques, magnetic sensing techniques, and/or radar sensingtechniques.

For example, the electronic device 100 may use resistive sensingtechniques where contact from an input object closes an electricalcircuit and can be used to detect input. In one example technique, thesensor device 102 includes a flexible and conductive first layerseparated by one or more spacer elements from a conductive second layer.During operation, one or more voltage gradients are created across thelayers. Pressing the flexible first layer may deflect it sufficiently tocreate electrical contact between the layers, resulting in voltageoutputs reflective of the point(s) of contact between the layers. Thesevoltage outputs may be used to determine spatial informationcorresponding to the input object.

In another example, the electronic device 100 may use inductive sensingtechniques where one or more sensing elements pick up loop currentsinduced by a resonating coil or pair of coils. Some combination of themagnitude, phase, and frequency of the currents may then be used todetermine spatial information corresponding to the input object.

In another example, the electronic device 100 may use acoustic sensingtechniques where one or more acoustic sensing elements detect soundwaves from nearby input objects. The sound waves may be in audiblefrequencies or ultrasonic frequencies. The detected sound waves mayinclude echoes of ambient sound waves and/or echoes of sound wavesemitted by the input device that are reflected from surfaces of theinput object. Some combination of the amplitude, phase, frequency, andor time delay of the electrical signals may be used to determine spatialinformation corresponding to the input object.

One example acoustic sensing technique utilizes active ultrasonicsensing to emit high frequency source waves that propagate to thesensing region. One or more ultrasonic transmitter elements (also“ultrasonic emitters”) may be used to emit high frequency sound waves tothe sensing region, and one or more ultrasonic receiving elements (also“ultrasonic receivers”) may detect echoes of the emitted sound waves.Separate elements may be used to transmit and receive, or commonelements that both transmit and receive may be used (e.g., ultrasonictransceivers). In some instances, emitted ultrasonic waves are able topenetrate sub-surfaces of the input object, such as dermal layers of ahuman finger.

In another example, the electronic device 100 may use optical sensingtechniques where one or more sensing elements detect light from thesensing region. The detected light may be reflected from the inputobject, transmitted through the input object, emitted by input object,or some combination thereof. The detected light may be in the visible orinvisible spectrum (such as infrared or ultraviolet light). Exampleoptical sensing elements include photodiodes, CMOS image sensor arrays,CCD arrays, thin-film detectors, and other suitable photosensorssensitive to light in wavelength(s) of interest. Active illumination maybe used to provide light to the sensing region, and reflections from thesensing region in the illumination wavelength(s) may be detected todetermine input information corresponding to the input object.

One example optical technique utilizes direct illumination of the inputobject, which may or may not be in contact with an input surface of thesensing region depending on the configuration. One or more light sourcesand/or light guiding structures are used to direct light to the sensingregion. When an input object is present, this light is reflecteddirectly from surfaces of the input object, which reflections can bedetected by the optical sensing elements and used to determine inputinformation about the input object.

Another example optical technique utilizes indirect illumination basedon internal reflection to detect input objects in contact with an inputsurface of the sensing region. One or more light sources are used todirect light in a transmitting medium at an angle at which it isinternally reflected at the input surface of the sensing region, due todifferent refractive indices at opposing sides of the interface definedby the input surface. Contact of the input surface by the input objectcauses the refractive index to change across this boundary, which altersthe internal reflection characteristics at the input surface. Highercontrast signals can often be achieved if principles of frustrated totalinternal reflection (FTIR) are used to detect the input object, wherethe light is directed to the input surface at an angle of incidence atwhich it is totally internally reflected, except at locations where theinput object is in contact and causes the light to scatter and partiallytransmit across this interface at the region of contact by the inputobject. An example of this is presence of a finger introduced to aninput surface defined by a glass to air interface. The higher refractiveindex of human skin compared to air causes light incident at the inputsurface at the critical angle of the interface to air to be partiallytransmitted across the input interface and scattered by the finger,where it would otherwise be totally internally reflected at the glass toair interface. This optical response can be detected by the system andused to determine spatial information. In some embodiments, this can beused to image small scale surface variations of the input object, suchas fingerprint patterns, where the internal reflectivity of the incidentlight differs depending on whether a ridge or valley of the finger is incontact with that portion of the input surface.

In another example, the electronic device 100 may use capacitivetechniques where voltage or current is applied to create an electricfield. Nearby input objects cause changes in the electric field, andproduce detectable changes in capacitive coupling that may be detectedas changes in voltage, current, or the like. Sensor electrodes may beutilized as capacitive sensing elements. Arrays or other regular orirregular patterns of capacitive sensing elements may be used to createelectric fields. Separate sensor electrodes may be ohmically shortedtogether to form larger sensing elements.

One example technique utilizes “self capacitance” (or “absolutecapacitance”) sensing methods based on changes in the capacitivecoupling between sensor electrodes and an input object. An input objectnear the sensor electrodes alters the electric field near the sensorelectrodes, thus changing the measured capacitive coupling. An absolutecapacitance sensing method may operate by modulating sensor electrodeswith respect to a reference voltage (e.g. system ground), and bydetecting the capacitive coupling between the sensor electrodes and theinput object. For example, the sensing element array may be modulated,or a drive ring or other conductive element that is ohmically orcapacitively coupled to the input object may be modulated. The referencevoltage may by a substantially constant voltage or a varying voltage, orthe reference voltage may be system ground.

Another example technique utilizes “mutual capacitance” (or“transcapacitance”) sensing methods based on changes in the capacitivecoupling between sensor electrodes. An input object near the sensorelectrodes may alter the electric field between the sensor electrodes,thus changing the measured capacitive coupling. A transcapacitivesensing method may operate by detecting the capacitive coupling betweenone or more transmitter sensor electrodes (also “transmitterelectrodes”) and one or more receiver sensor electrodes (also “receiverelectrodes”). Transmitter sensor electrodes may be modulated relative toa reference voltage to transmit transmitter signals. Receiver sensorelectrodes may be held substantially constant relative to the referencevoltage to facilitate receipt of resulting signals. The referencevoltage may by a substantially constant voltage or system ground. Thetransmitter electrodes are modulated relative to the receiver electrodesto transmit transmitter signals and to facilitate receipt of resultingsignals. A resulting signal may comprise effect(s) corresponding to oneor more transmitter signals, and/or to one or more sources ofenvironmental interference (e.g. other electromagnetic signals). Sensorelectrodes may be dedicated transmitters or receivers, or may beconfigured to both transmit and receive. Also, sensor electrodes may bededicated transcapacitance sensing elements or absolute capacitancesensing elements, or may be operated as both transcapacitance andabsolute capacitance sensing elements.

Some non-limiting examples of electronic devices 100 include personalcomputers of all sizes and shapes, such as desktop computers, laptopcomputers, netbook computers, tablets, web browsers, e-book readers, andpersonal digital assistants (PDAs). Additional example electronicdevices 100 include composite input devices, such as physical keyboardsand separate joysticks or key switches. Further example electronicdevices 100 include peripherals such as data input devices (includingremote controls and mice) and data output devices (including displayscreens and printers). Other examples include remote terminals, kiosks,video game machines (e.g., video game consoles, portable gaming devices,and the like), communication devices (including cellular phones, such assmart phones), and media devices (including recorders, editors, andplayers such as televisions, set-top boxes, music players, digital photoframes, and digital cameras).

FIG. 2 is a block diagram illustrating a system and method for spoofdetection according to an embodiment. At step 202, a sensor captures animage of a fingerprint. The fingerprint can be either from a live fingeror a spoofed finger. At step 204, a processor computes a spoof detectionmetric based on relative anti-spoof features, as described in greaterdetail below. One or more metrics may be computed at step 204. The oneor more metrics computed at step 204 are passed to a classifier.Optionally, at step 206, the processor may compute other spoof detectionmetrics and also pass them to the classifier. At step 208, the processorexecutes the classifier to determine whether the image of thefingerprint captured at step 202 is from a live finger or a spoofedfinger.

FIG. 3 is a block diagram of a spoof detection system, according to anembodiment. The system includes a sensor device 102 and a processor 106.The processor 106 is configured to execute one or more softwarefunctional blocks, including an image acquisition module 302, a matcher304, and a spoof detection module 306. The image acquisition module 302,the matcher 304, and the spoof detection module 306 are implemented assoftware instructions stored in a memory and executed by one or moreprocessors 106.

Although shown as separate function blocks in FIG. 3, two or more of theimage acquisition module 302, the matcher 304, and the spoof detectionmodule 306 may be executed together as a single software module,application, or operating system. Alternatively, the image acquisitionmodule 302, the matcher 304, and the spoof detection module 306 may beexecuted separately and/or provided by different software vendors. Also,in some embodiments, multiple processors 106 may be used to execute oneor more of the image acquisition module 302, the matcher 304, and thespoof detection module 306.

In some embodiments, an input image, such as a fingerprint image, iscaptured by the sensor device 102. The input image is passed to theimage acquisition module 302, which determines whether the image is anenrollment image or a verification image. If the input image is anenrollment image, a template associated with the input image is storedin the matcher template storage 308 and/or the matcher template storage308 is updated based on the new input image.

If the input image is a verification image, the image acquisition module302 also passes the input image to the matcher 304, which is configuredto determine whether the input image matches any of the enrollmentimages stored in the matcher template storage 308. In oneimplementation, the matcher 304 may compare the input image to theenrollment image to determine a difference between the images. In someembodiments, if the difference is below a threshold, a match is found;otherwise, there is no match. In other embodiments, various techniquesother than a comparison to a threshold can be used to determine whetherthe input image is a match to any of the enrollment images. Manydifferent techniques can be used to execute the matcher 304, includingpoint-based techniques, ridge-based techniques, or a combination ofpoint-based and ridge-based techniques.

In some embodiments, for enrollment images, the image acquisition module302 also passes the input image to the spoof detection module 306, whichextracts anti-spoof metrics from the input image. Example anti-spoofmetrics include: an average gray level of ridges, an average gray levelof valleys, one or more values as to whether the input image includesblurred areas, one or more values as to whether the input image includesrelative lighter areas, one or more values as to whether the input imageincludes relative darker areas, texture information (for example, bycomputing LBP (linear binary patterns) on portions of the input image,among others. In some implementations, anti-spoof metrics are generallyglobal features of the input image that do not include locationinformation. Also, in some implementations, anti-spoof metrics may notbe discerning enough to provide adequate fingerprint matching results,i.e., since many spoofed images could satisfy a matcher that reliedsolely on anti-spoof metrics for matching.

The anti-spoof metrics extracted from the input image by the spoofdetection module 306 may be stored in an anti-spoof template in theanti-spoof template storage 310. As described in detail herein, themetrics extracted from the input image can be combined with theanti-spoof metrics in the anti-spoof template, for example by averagingthe metrics extracted from the input image and the anti-spoof metrics inthe anti-spoof template, to generate an updated anti-spoof template.

In one implementation, the matcher template storage 308 and theanti-spoof template storage 310 comprise one storage device. In anotherimplementation, the matcher template storage 308 and the anti-spooftemplate storage 310 comprise separate storage devices.

In addition, in one implementation, when a user is enrolling enrollmentimages, the same images are used for updating the matcher templatestorage 308 and the anti-spoof template storage 310. In otherimplementations, separate enrollment processes are used to update thematcher template storage 308 and the anti-spoof template storage 310. Assuch, a given enrollment image could be used to update just one or bothof the matcher template storage 308 and the anti-spoof template storage310.

In some embodiments, if the matcher 304 does not find a match in thematcher template storage 308, then the matcher 304 takes an appropriateaction, such as, for example, denying entry to a mobile device. If thematcher 304 finds a match, then the spoof detection module 306 isconfigured to determine whether the input image is a spoof of a livefinger, i.e., whether image is that of a real live finger or anothernon-derma-based material, such as gelatin or wood glue.

In some embodiments, the spoof detection module 306 is executed as partof the matcher 304. In other embodiments, the spoof detection module 306is executed separately from the matcher 304.

In some embodiments, the spoof detection module 306 is executed afterthe matcher 304 finds a positive match. In other embodiments, the spoofdetection module 306 is executed before the matcher 304 makes amatch/non-match decision. In still further embodiments, the spoofdetection module 306 and the matcher 304 are executed in parallel.

As described in greater detail herein, the spoof detection module 306 isconfigured to retrieve the anti-spoof template from the anti-spooftemplate storage 310 and compute differential metrics for the inputimage relative to the anti-spoof template. The differential metrics arepassed to a classifier that makes the anti-spoof decision.

FIG. 4 is a flow diagram illustrating method steps for performing spoofdetection based on relative metrics, according to an embodiment. In oneembodiment, the method in FIG. 4 is implemented by the spoof detectionmodule 306 in FIG. 3.

As shown in FIG. 4, at step 402, a processor receives an input image. Inone implementation, the input image is an image of a fingerprint,although it will be understood that the method applies to images ofother biometrics as well. The input image can be either an enrollmentimage or a verification image.

At step 404, the processor extracts one or more anti-spoof metrics fromthe input image. In one implementation, the anti-spoof metrics areextracted using software that analyzes the input image and performsvarious computations. In other implementations, the anti-spoof metricsare extracted using hardware, such as for example using hardware in animage sensor that captured the input image.

At step 406, the processor determines whether the input image is anenrollment image or a verification image. If the processor determinesthat the input image is an enrollment image, then at step 408, theprocessor updates an anti-spoof template 310 with the one or moreanti-spoof metrics extracted from the input image.

In one embodiment, updating the anti-spoof template comprises computing,for each metric, an average of values for the metric across allenrollment images, including the input image. For example, say there areten different anti-spoof metrics that are extracted from the inputimage, each having a value. Let us assume also that there are four priorenrollment images for the user and the current input image is the fifthenrollment image for the user. The anti-spoof metrics from the priorfour enrollment images have been previously combined into the anti-spooftemplate. Once the current fifth enrollment image in encountered, theanti-spoofed metrics from the fifth enrollment image are averagedtogether with the anti-spoofed metrics from the four prior enrollmentimages.

In another embodiment, instead of computing an average for eachanti-spoof metric, updating the anti-spoof template comprises computinga median for each metric across the several enrollment images includingthe input image. In yet another embodiment, updating the anti-spooftemplate comprises computing a range for each metric across the severalenrollment images including the input image.

Returning to step 406, if the processor determines that the input imageis a verification image, at step 410, the processor compares theanti-spoof metrics of the input image to the anti-spoof metrics of theanti-spoof template 310. In one implementation, for each metric, theprocessor computes a difference value (or “differential” value) betweena value of a given anti-spoof metric in the input image and acorresponding value of the given anti-spoof metric in the anti-spooftemplate 310. These difference values are then passed to the classifier.

At step 412, the processor executes the classifier to make a spoofdecision. In one embodiment, the classifier is configured to make aspoof decision as to whether the input image is of a real finger or of aspoofed finger. In another embodiment, the classifier is configured togenerate an anti-spoof score and return the anti-spoof score to anotherentity within the anti-spoof module that makes the spoof/non-spoofdecision, e.g., by comparing the anti-spoof score to a threshold. Forexample, the spoof/non-spoof decision can be made elsewhere in thesystem, such as by the anti-spoof module 302, or by an upstream logicmodule (not shown) that calls the anti-spoof module 302 and the matcher304.

The classifier may be implemented as a neural network, but anyclassifier is within the scope of the disclosure. The classifier itselfcan be developed using machine learning methods, where a training setand a test set are created to train and validate the classifierperformance. As described, the metrics input into the classifier aredifferential metrics.

In addition, in some implementations, other metrics unrelated todifferential metrics computed using the method of FIG. 4 can also beinput into the classifier, and the classifier is configured to computean overall liveness score based on the combination of metrics.

Also, in some embodiments, the match/non-match decision of the matcheris made by a classifier associated with the matcher, which is the sameclassifier that makes the spoof/non-spoof decision. In otherembodiments, the match/non-match decision is made by a differentclassifier than the classifier that makes the spoof/non-spoof decision.

FIG. 5 is a flow diagram illustrating method steps for creating andupdating an anti-spoof template, according to an embodiment. In oneembodiment, the method in FIG. 5 is implemented by the spoof detectionmodule 306 in FIG. 3.

As shown, at step 502, a processor receives an enrollment image. At step504, the processor extracts anti-spoof metrics from enrollment image.Steps 502 and 504 are similar to steps 402 and 404 in FIG. 4.

At step 506, the processor determines whether anti-spoof metrics havebeen extracted from any existing enrollment images. If not, then at step508, the processor saves the metrics extracted from the enrollment imageas a new anti-spoof template. This would occur, for example, on the veryfirst enrollment image presented to the system.

If, at step 506, the processor determines that anti-spoof metrics havebeen extracted from existing enrollment images, then at step 510, theprocessor combines the anti-spoof metrics from the enrollment imagereceived at step 502 with the anti-spoof metrics from the existingenrollment images. As described, combining the anti-spoof metrics mayinclude, for each anti-spoof metric, computing an average, computing amedian, or computing a range. Other statistical techniques for combingthe anti-spoof metrics from the enrollment image with the anti-spoofmetrics from the existing enrollment images are also within the scope ofthe disclosure. For example, combining the anti-spoof metrics mayinclude updating a binary value indicative of whether a given anti-spooffeature is present in any of the enrollment images. Another examplecomputes a histogram of the values for a given metric and determines aprobabilistic range.

At step 512, the processor saves the combined metrics as an updatedanti-spoof template. At step 514, the processor determines whether thereare any more enrollment images to process. If yes, the method returns tostep 502. If not, the method terminates.

FIG. 6 is a flow diagram illustrating method steps for spoof detectionbased on one or more differential metrics, according to an embodiment.In one embodiment, the method in FIG. 6 is implemented by the spoofdetection module 306 in FIG. 3.

As shown, at step 602, a processor receives a verification image. Atstep 604, the processor extracts anti-spoof metrics from verificationimage. Steps 602 and 604 are similar to steps 402 and 404 in FIG. 4.

At step 606, the processor retrieves an anti-spoof template from ananti-spoof template storage (e.g., anti-spoof template storage 310). Theanti-spoof template includes values for the various anti-spoof metricsthat have been combined for the enrollment images for that particularuser.

At step 608, for a given anti-spoof metric, the processor computes adifferential value between a value of the given anti-spoof metric in theverification image and a value of the given anti-spoof metric in theanti-spoof template. For example, the differential value may be computedby subtracting the value of the given anti-spoof metric in theverification image from the value of the given anti-spoof metric in theanti-spoof template.

At step 610, the processor determines whether any more anti-spoofmetrics remain to be analyzed. If yes, the method returns to step 608.If not, the method proceeds to step 612, where the processor inputs thedifferential values computed at step 608 for each anti-spoof metric tothe classifier. At step 614, the processor executes the classifier tomake a spoof decision, i.e., determine whether the input image is areplica of a biometric.

In sum, the disclosed embodiments make a liveness determination based onmetrics (e.g., statistics) that are relative to metrics found in otherimages of that particular user's finger. The relative differences in themetrics are input into the classifier that makes the liveness decision.In some implementations, the disclosed approach provides betteranti-spoof results than conventional approaches where the classifieroperates independent of any relative (or “differential”) metrics.

Although this invention describes optical object imaging in the contextof fingerprint image sensing, the method and system may be used to imageany object.

The use of the terms “a” and “an” and “the” and “at least one” andsimilar referents in the context of describing the invention (especiallyin the context of the following claims) are to be construed to coverboth the singular and the plural, unless otherwise indicated herein orclearly contradicted by context. The use of the term “at least one”followed by a list of one or more items (for example, “at least one of Aand B”) is to be construed to mean one item selected from the listeditems (A or B) or any combination of two or more of the listed items (Aand B), unless otherwise indicated herein or clearly contradicted bycontext. The terms “comprising,” “having,” “including,” and “containing”are to be construed as open-ended terms (i.e., meaning “including, butnot limited to,”) unless otherwise noted. Recitation of ranges of valuesherein are merely intended to serve as a shorthand method of referringindividually to each separate value falling within the range, unlessotherwise indicated herein, and each separate value is incorporated intothe specification as if it were individually recited herein. All methodsdescribed herein can be performed in any suitable order unless otherwiseindicated herein or otherwise clearly contradicted by context. The useof any and all examples, or exemplary language (e.g., “such as”)provided herein, is intended merely to better illuminate the inventionand does not pose a limitation on the scope of the invention unlessotherwise claimed. No language in the specification should be construedas indicating any non-claimed element as essential to the practice ofthe invention.

Preferred embodiments of this invention are described herein, includingthe best mode known to the inventors for carrying out the invention.Variations of those preferred embodiments may become apparent to thoseof ordinary skill in the art upon reading the foregoing description. Theinventors expect skilled artisans to employ such variations asappropriate, and the inventors intend for the invention to be practicedotherwise than as specifically described herein. Accordingly, thisinvention includes all modifications and equivalents of the subjectmatter recited in the claims appended hereto as permitted by applicablelaw. Moreover, any combination of the above-described elements in allpossible variations thereof is encompassed by the invention unlessotherwise indicated herein or otherwise clearly contradicted by context.

What is claimed is:
 1. A device, comprising: a biometric sensor; and aprocessing system configured to: receive, from the biometric sensor, aninput image of a biometric; extract one or more anti-spoof metrics fromthe input image; receive an anti-spoof template corresponding to thebiometric; for a first anti-spoof metric, compute a differential valuebetween a value of the first anti-spoof metric extracted from the inputimage and a value of the first anti-spoof metric in the anti-spooftemplate; and determine whether the input image is a replica of thebiometric based on the differential value.
 2. The device of claim 1,wherein the processor is further configured to: receive, from thebiometric sensor, one or more enrollment images of the biometric;extract one or more anti-spoof metrics from each of the one or moreenrollment images; and generate the anti-spoof template based on themore anti-spoof metrics extracted from each of the one or moreenrollment images.
 3. The device of claim 2, wherein the one or moreenrollment images comprises at least two enrollment images, and whereingenerating the anti-spoof template comprises combining correspondinganti-spoof metrics extracted from each of the at least two enrollmentimages.
 4. The device of claim 3, wherein the combining comprisescomputing, for each anti-spoof metric, an average value for theanti-spoof metric.
 5. The device of claim 3, wherein the combiningcomprises computing, for each anti-spoof metric, a median value for theanti-spoof metric.
 6. The device of claim 3, wherein the combiningcomprises computing, for each anti-spoof metric, a range of values forthe anti-spoof metric extracted from each of the at least two enrollmentimages.
 7. The device of claim 2, wherein the one or more enrollmentimages of the biometric are further stored in a matcher templatestorage, wherein the processor is configured to determine whether theinput image is a match to one or more of the enrollment images separatefrom determining whether the input image is a replica of the biometric.8. The device of claim 1, wherein the processor is further configuredto: for each of two or more anti-spoof metrics extracted from the inputimage, compute a differential value between a value of a givenanti-spoof metric extracted from the input image and a value of thegiven anti-spoof metric in the anti-spoof template; wherein determiningwhether the input image is a replica of the biometric is based on thedifferential values corresponding to each of the two or more anti-spoofmetrics.
 9. The device of claim 1, wherein the biometric comprises afingerprint of a finger, and the replica comprises a gelatin mold, agraphite mold, or a wood glue mold of the fingerprint of the finger. 10.A method for performing spoof detection, comprising: receiving, by aprocessor from a biometric sensor, an input image of a biometric;extracting, by the processor, one or more anti-spoof metrics from theinput image; receiving, by the processor, an anti-spoof templatecorresponding to the biometric; for a first anti-spoof metric,computing, by the processor, a differential value between a value of thefirst anti-spoof metric extracted from the input image and a value ofthe first anti-spoof metric in the anti-spoof template; and determining,by the processor, whether the input image is a replica of the biometricbased on the differential value.
 11. The method of claim 10, furthercomprising: receiving, by the processor from the biometric sensor, oneor more enrollment images of the biometric; extracting, by theprocessor, one or more anti-spoof metrics from each of the one or moreenrollment images; and generating, by the processor, the anti-spooftemplate based on the more anti-spoof metrics extracted from each of theone or more enrollment images.
 12. The method of claim 11, wherein theone or more enrollment images comprises at least two enrollment images,and wherein generating the anti-spoof template comprises combiningcorresponding anti-spoof metrics extracted from each of the at least twoenrollment images.
 13. The method of claim 12, wherein the combiningcomprises computing, for each anti-spoof metric, an average value forthe anti-spoof metric.
 14. The method of claim 12, wherein the combiningcomprises computing, for each anti-spoof metric, a median value for theanti-spoof metric.
 15. The method of claim 12, wherein the combiningcomprises computing, for each anti-spoof metric, a range of values forthe anti-spoof metric extracted from each of the at least two enrollmentimages.
 16. The method of claim 11, wherein the one or more enrollmentimages of the biometric are further stored in a matcher templatestorage, wherein the processor is configured to determine whether theinput image is a match to one or more of the enrollment images separatefrom determining whether the input image is a replica of the biometric.17. The method of claim 10, further comprising: for each of two or moreanti-spoof metrics extracted from the input image, computing, by theprocessor, a differential value between a value of a given anti-spoofmetric extracted from the input image and a value of the givenanti-spoof metric in the anti-spoof template; wherein determiningwhether the input image is a replica of the biometric is based on thedifferential values corresponding to each of the two or more anti-spoofmetrics.
 18. The method of claim 10, wherein the biometric comprises afingerprint of a finger, and the replica comprises a gelatin mold, agraphite mold, or a wood glue mold of the fingerprint of the finger. 19.A non-transitory computer-readable storage medium storing instructionsthat, when executed by a processor, causes a computing device to performspoof detection, by performing steps comprising: receiving, from abiometric sensor, an input image of a biometric; extracting one or moreanti-spoof metrics from the input image; receiving an anti-spooftemplate corresponding to the biometric; for a first anti-spoof metric,computing a differential value between a value of the first anti-spoofmetric extracted from the input image and a value of the firstanti-spoof metric in the anti-spoof template; and determining whetherthe input image is a replica of the biometric based on the differentialvalue.
 20. The computer-readable storage medium of claim 19, wherein oneor more enrollment images of the biometric are further stored in amatcher template storage, and wherein the processor is configureddetermine whether the input image is a match to one or more of theenrollment images separate from determining whether the input image is areplica of the biometric.